Slashdot Mirror


Half of Ransomware Victims Didn't Recover Their Data After Paying the Ransom (bleepingcomputer.com)

An anonymous reader shares a report: A massive survey of nearly 1,200 IT security practitioners and decision makers across 17 countries reveals that half the people who fell victim to ransomware infections last year were able to recover their files after paying the ransom demand. The survey, carried out by research and marketing firm CyberEdge Group, reveals that paying the ransom demand, even if for desperate reasons, does not guarantee that victims will regain access to their files. Timely backups are still the most efficient defense against possible ransomware infections, as they allow easy recovery. The survey reveals that 55% of all responders suffered a ransomware infection in 2017, compared to the previous year's study, when 61% experienced similar incidents. Of all the victims who suffered ransomware infections, CyberEdge discovered that 61.3% opted not to pay the ransom at all. Some lost files for good (8%), while the rest (53.3%) managed to recover files, either from backups or by using ransomware decrypter applications. Of the 38.7% who opted to pay the ransom, a little less than half (19.1%) recovered their files using the tools provided by the ransomware authors.

58 comments

  1. obCasablanca by cascadingstylesheet · · Score: 5, Funny

    I am shocked, shocked that paying ransom to criminals does not always result in getting what I paid for!

    1. Re: obCasablanca by Type44Q · · Score: 1

      Apparently so is msmash...

    2. Re:obCasablanca by Anonymous Coward · · Score: 2, Insightful

      Ransomware criminals shouldn't shit where they drink. By failing to unlock the files, they decrease the chance future victims will be willing to pay. Unfortunately for the criminals there are any number of other criminals out there who don't follow this simple rule. They don't unlock because they don't care, they're only in it for the short term, or they failed to implement unique wallets per victim to verify who's paid them and who's only claiming to have done so.

      None of this is terribly surprising; it's the nature of the beast. The numbers are at least interesting however.

    3. Re:obCasablanca by omnichad · · Score: 4, Interesting

      By failing to unlock the files, they decrease the chance future victims will be willing to pay.

      Let's all be happy about it. It keeps more people from paying. I've always wondered if these non-successful recoveries were due to black hats trying to teach the public at large to stop paying ransoms. It also helps spread the message that there is no substitute for backups.

    4. Re:obCasablanca by ctilsie242 · · Score: 0

      Even if there is almost zero percent chance that the ransomware authors can/will unlock files, people will still pay. Mainly because they have a lottery's chance of getting their files back versus 0% if they don't.

    5. Re:obCasablanca by geekmux · · Score: 1

      Ransomware criminals shouldn't shit where they drink. By failing to unlock the files, they decrease the chance future victims will be willing to pay.

      I tend to doubt that. People who have no other recourse to recover their precious data will pay. Even if there's only a slight chance of success.

    6. Re:obCasablanca by gnick · · Score: 1

      I paid the full ransom. At least, that's what I'll say if anyone asks why I bought and spent Bitcoin. Google tells me that Overstock.com and a couple of others take Bitcoin now, but is anyone actually buying legitimate goods with it? The overhead's high and the latency is a nuisance if you aren't prepared ahead of shopping. It's useful for contraband, ransoms, and blind speculative investing, but I'm not sure why I'd use it for a book, a TV, or a sandwich.

      --
      He's getting rather old, but he's a good mouse.
    7. Re:obCasablanca by jetkust · · Score: 1

      Yep, the amount of money asked by ransomware authors is priced with risk/reward in mind. The less confidence people have in recovering their the lower the price goes.

    8. Re:obCasablanca by Jeremi · · Score: 1

      ... but, will they start backing up [what remains of] their data afterwards?

      --
      I don't care if it's 90,000 hectares. That lake was not my doing.
    9. Re:obCasablanca by DigiShaman · · Score: 1

      Never forget, it was Joseph Bonavolonta with the FBI that said at a Cyber Security Summit in 2015 the following things.

      - "The ransomware is that good... To be honest, we often advise people just to pay the ransom."
      - "the easiest thing may be to just pay the ransom"
      - "overwhelming majority of institutions just pay the ransom."
      - "You do get your access back"

      Do you just LOVE your heroes in office?

      --
      Life is not for the lazy.
    10. Re:obCasablanca by omnichad · · Score: 1

      Sounds more like they're helping another TLA cover the tracks of domestic spying disguised as ransomware. That sounds awfully suspicious when you cherry pick the phrases like that - and I'm not even that paranoid.

    11. Re:obCasablanca by DigiShaman · · Score: 2

      What's to cherry pick? It was said, ****at a cyber security summit....in front of people****. Ok, maybe not all the quotes, but even if just one in person, it's totally irresponsible! It simply isn't a defensible position to take.

      If it was me that said that in the private sector, I'd lose 100% of credibility among my peers that work in information security.

      --
      Life is not for the lazy.
    12. Re:obCasablanca by omnichad · · Score: 1

      What's to cherry pick?

      The whole speech is the cherry tree. That's all I mean - take away the context and get to the real specific things called for and it really sounds like they're trying to handwave away attention at ransomware.

    13. Re:obCasablanca by Anonymous Coward · · Score: 1

      I've always wondered if these non-successful recoveries were due to black hats trying to teach the public at large to stop paying ransoms.

      I see no reason to think that, it's just criminal assholes saying "fuck it, we've got the part which fucks up the computer and makes them pay, why the fuck would we care about what happens to your data?" Why spend time making a complete solution? Get your money and leave.

      And I will continue saying that if we said "fuck you" to javascript, 3rd party anything, and anything which presumes you're going to let some random asshole of a website run code we'd see far less of this shit.

      I visit a website, I have no reason to trust them to run code on my machine, none at all. I certainly have no reason to let whatever external site they link to run code.

      Ads and malware are largely impossible to differentiate, because they use the same techniques.

      That the default permission model of the internet is to let every asshole and whoever they brought to the table run code on your machine is why we have this shit. This is pathetic and needs to change.

      That is probably where a huge amount of this shit comes from. Javascript from 10 different sources for every page you visit is stupid and dangerous.

    14. Re:obCasablanca by GuB-42 · · Score: 1

      Smart criminals give you what you paid for.
      It is a business, and the victims are like customers. All the rules that apply to legitimate companies apply too. They want your money, and for that, they need to make it clear that the best solution in order to recover your files is to pay the ransom. If people start thinking that paying is useless anyways, it will hurt their bottom line in the long run.
      From what I understood, mafias are very reliable. If you pay for "protection", they really protect you. Ineffective "protectors" aren't paid and are eventually replaced. Of course, the way they offer protection is by making sure that small criminals go to people who don't pay, but the key is, there is a real incentive to pay.

      And just like legitimate companies, all criminals aren't smart.

    15. Re:obCasablanca by Gavagai80 · · Score: 1

      The less confidence people have in recovering their the lower the price goes.

      Not really, the price is based only on what those who do comply can pay. The amount of money 419 scammers ask for in their emails doesn't go up or down according to number of compliant victims either.

      --
      This space intentionally left blank
    16. Re:obCasablanca by Anonymous Coward · · Score: 0

      To be fair, this may have been good advice in 2015. Is it possible that things may have changed in the last three years?

    17. Re:obCasablanca by jellomizer · · Score: 1

      Such action should be illegal. And these criminals who did this should be punished for it.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    18. Re:obCasablanca by DigiShaman · · Score: 1

      Irresponsible nonetheless. At best, he should have STFU about anything even remotely related to the subject. No no, he had to explicitly advise on paying the ransom for data that's been compromised.

      Look at it this way. If sensitive information was locked up via CryptoWall inside the offices of the FBI, would they pay the ransom if no backups were available (admittedly, that's highly unlikely)? As a tax paying civilian entrusting my data to the largest monopoly of authority in the US -The Federal Government-, that's pretty worrisome.

      --
      Life is not for the lazy.
    19. Re:obCasablanca by DigiShaman · · Score: 1

      It's not about the technology. It's a philosophical matter.

      --
      Life is not for the lazy.
    20. Re: obCasablanca by bobmajdakjr · · Score: 1

      i am really surprised the number is as high as half of them did. always assumed the number was closer to like 10% return rate

    21. Re:obCasablanca by Anonymous Coward · · Score: 0

      I tend to doubt that. People who have no other recourse to recover their precious data will pay. Even if there's only a slight chance of success.

      If you have no other recourse to get your data, it clearly wasn't important to you in the first place.

      I've known people who do backups for a living, and one day their computer keels over, and they have no backups.

      And I'm just looking at them saying "you do this shit for a living, you know why backups are important, and yet you couldn't be arsed to even try?"

      I can understand if you lack the skills, but a shocking amount of people apparently won't bother with such things.

      Me, I'll bet most of this shit comes in via browsers and malicious web sites. Which is why I keep scripts and the like on browsers as whitelist only. My bank? Sure. Some random website? Not on your fucking life.

      We need to stop trusting every website we encounter to run code. I'm betting that stops the vast majority of this shit. The problem is the ad companies have far too much say in how the internet works, and wouldn't accept anything which limits their shit.

  2. The moral of the story is ... by jetkust · · Score: 1

    Only get hacked by competent hackers.

    1. Re:The moral of the story is ... by Anonymous Coward · · Score: 1

      With great customer services.

    2. Re:The moral of the story is ... by geekmux · · Score: 2

      With great customer services.

      I can see the ransomware surveys now...

      "Thank you for your payment. We strive to be the best when it comes to timely decryption of your data. If you could please fill out this short survey and rate our performance today, we would greatly appreciate it."

    3. Re:The moral of the story is ... by Anonymous Coward · · Score: 0

      A free iPad to the 100th "customer".

  3. Well by Anonymous Coward · · Score: 0

    If you are someone who needs the information on your hard drive, you are probably the type of person that protects your data and makes backups. If you did not, you didn't really need it that bad. Then there are the people that probably think their computer is now broken and those people are stupid, so it comes down to which of those stupid people have extra money. Then there are businesses who are just bad at IT. This is probably where most of the ransoms came from.

    1. Re:Well by omnichad · · Score: 2

      If you are someone who needs the information on your hard drive, you are probably the type of person that protects your data and makes backups.

      It's funny how you believe that.

    2. Re:Well by Anonymous Coward · · Score: 0

      You would be surprised. I interviewed at a place a couple years ago, where the CEO told me that "backups have no ROI, put it in CodeCommit." Needless to say, I didn't take that job.

    3. Re:Well by e_pluribus_funk · · Score: 1

      Proving cost avoidance in ROI terms is hard.

    4. Re:Well by dgatwood · · Score: 1

      You would be surprised. I interviewed at a place a couple years ago, where the CEO told me that "backups have no ROI, put it in CodeCommit." Needless to say, I didn't take that job.

      Assuming the version control system is either backed up or distributed, that CEO was right. What's the point of having extra backups if every employee already has a backup?

      --
      Check out my sci-fi/humor trilogy at PatriotsBooks.

    5. Re:Well by jetkust · · Score: 1

      CodeCommit runs on AWS. So as soon as it's committed it's backed up. What am I missing?

  4. Amoral criminals? by nospam007 · · Score: 1

    Next they'll tell us that you don't always get the kidnapping victims back alive after paying the ransom.

    1. Re:Amoral criminals? by gnick · · Score: 1

      You can make more money by sending the kidnapping victim back in installments.

      --
      He's getting rather old, but he's a good mouse.
  5. but half did get their data.. by zr · · Score: 1

    ..and so the con will continue.

    1. Re:but half did get their data.. by Anonymous Coward · · Score: 0

      If there's only a 50% chance I'll get my data back, I should only have to pay 50% of the ransom.

    2. Re:but half did get their data.. by Kenja · · Score: 1

      If there's only a 50% chance I'll get my data back, I should only have to pay 50% of the ransom.

      But then you would only have a 50% chance of getting half your data...

      --
      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    3. Re:but half did get their data.. by jetkust · · Score: 1

      Plus they charge double the ransom if you only want 50% of your data.

    4. Re:but half did get their data.. by gnick · · Score: 3, Funny

      If there's only a 50% chance I'll get my data back, I should only have to pay 50% of the ransom.

      I paid double the ransom so I have a credit ready for next time.

      --
      He's getting rather old, but he's a good mouse.
  6. Worst ransomware ever! by Anonymous Coward · · Score: 0

    If I could give this ransomware 0 stars I would!

  7. The bottom line... by jcr · · Score: 4, Insightful

    If you need to keep your data, 1) don't use any Microsoft products, and 2) keep backups.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
    1. Re:The bottom line... by Anonymous Coward · · Score: 2, Informative

      https://blog.trendmicro.com/trendlabs-security-intelligence/erebus-resurfaces-as-linux-ransomware/

    2. Re:The bottom line... by Gavagai80 · · Score: 1

      Servers have large attack surfaces, especially when they're hosting third party scripts for thousands of people who don't care about your security. Call me when a linux desktop is infected.

      --
      This space intentionally left blank
    3. Re:The bottom line... by thegarbz · · Score: 1

      If you need to keep your data, 1) don't use any Microsoft products

      I have an even better idea. Don't take stupid advice from people on Slashdot:
      https://www.trendmicro.com/vin...

    4. Re:The bottom line... by Anonymous Coward · · Score: 0

      About a decade ago, before the main ransomware wave hit, I was approached by a non-profit with limited funds and technical know-how that had been hit by ransomware, on their Linux web server running some PHP-based CMS. Their site was down, they couldn't afford the ransom, and although they had a backup of the images and CSS, they didn't have a backup of the actual content. Fortunately, although the main file system was gone, at the time of the attack the database had apparently been in use and thus locked by the SQL server so it was untouched. Considering that they didn't have the resources to maintain a CMS and that the content had been changing very infrequently, we decided to build a static HTML site from the materials we had. Didn't even take that long to do actually and the client was quite relieved.

    5. Re:The bottom line... by Anonymous Coward · · Score: 0

      from your ridiculous link: "NAYANA’s website runs on Linux kernel 2.6.24.2"

      don't waste my time with these dumb ass FUD stories from freaking windows users(!) trying to peddle their absurd "products".

    6. Re:The bottom line... by Anonymous Coward · · Score: 0

      If you need to keep your data, 1) keep backups. Period.

      I just had an Android software update screw up my phone (infinite reboot cycle, non-removable battery). I was forced to recover by resetting the phone to factory settings. The ransomware business is only one of a multitude of ways of losing data, and Microsoft is not the only bad actor. The ONLY way to keep your data accessible is to have a copy of it. And backups have never been easier.

      I used to look forward to having a device with no spinning disk (no more head crashes!) but in the real world, I find companies keep trying to exert post-purchase control over "their" devices. They do much more damage to me than disk problems do. Despite the amazing inherent build quality of today's electronics, the rent-seeking behavior gives me overall reliability that reminds me of a mid-80's PC. I remember those days, the hunted feeling, the ever-present spectre of impending data loss. I have the same feeling now -- about my phone, my home PC, my e-mail, my cloud-based data.

      Backups FTW!

    7. Re:The bottom line... by Anonymous Coward · · Score: 0

      how the fuck is that insightful when Mac OS and Linux have also been targets for ransomware. this moron is the type of victim ransomware criminals are looking for, too stupid to understand the dangers.

  8. Whats a good home backup system? by DirkDaring · · Score: 1

    So on this related subject, I have half a dozen Windows PCs networked at home. What's a good backup system to use in case one of the kids executes something and the network gets hit with ransomware?

    1. Re:Whats a good home backup system? by northerner · · Score: 1

      I use AJCsync to back up data to removable USB drives and to multiple cloud drives. It can encrypt the data on the fly as it backs things up so the data stays safe. http://www.ajcsoft.com/file-sy...

    2. Re:Whats a good home backup system? by Solandri · · Score: 1

      Macrium Reflect, EaseUS ToDo Backup, and Paragon Backup and Recovery all have free versions which support incremental or differential backups. Those will only back up the changes from previous backup(s), so will cut down backup time significantly. I still recommend a full backup about once a month.

      The important (and difficult) thing is that your backup needs to be offline. If you try to use an always-online device like a NAS or permanently attached external drive as a backup, the ransomware will just encrypt your backups.

      Preferably, your backup would be stored off-site as well, in case your house burns down. For that reason, I also recommend storing your backup drive at work in between backups, or using a cloud backup service. As photos and videos are usually the most precious files for most home users:
      • If you've got a Gmail account, Google Photos will let you make unlimited backups of photos up to 2048x2048 resolution. It also lets you make unlimited backups of certain videos, although I don't know the size limitation (used to be 1080p and 15 minutes, but they seem to have scrubbed that so I dunno what the new limits are). In addition, you get 15 GB of free Google Drive space, where you can store files which exceed these size limits.
      • If you subscribe to Amazon Prime, you also get Prime Photos. That includes unlimited cloud backups of all photos of any size.
      • If you subscribe to Office 365, that includes 1 TB of cloud storage on Microsoft OneDrive. You can use that for offsite backups as well.
    3. Re:Whats a good home backup system? by Anonymous Coward · · Score: 0

      so you're teaching your kids to be dumb little consumers of slaveware? pull your head out of your ass and get a freedom respecting OS.

    4. Re:Whats a good home backup system? by ctilsie242 · · Score: 1

      If you do backups, look at the 3-2-1 methodology. Three copies, two on different media, one offsite.

      For example: CrashPlan and Veeam to a NAS. CrashPlan takes care of offsite documents, Veeam allows you to restore locally. A lot of NAS models also can back themselves up as well as keep snapshots, so a share nailed by ransomware can be rolled back quickly, or restored from somewhere.

    5. Re:Whats a good home backup system? by Agripa · · Score: 1

      I would do two things:

      1. Isolate every device including every PC on the LAN using a real router instead of a switch. Then every device can see the internet unimpeded but all traffic between devices is controlled by the firewall which by default can block everything. Most routers only have one LAN port no matter how many switched ports are connected to it so the cheapest way to implement this is some PC hardware with multiple LAN ports or perhaps better, using a router which supports VLANs and attaching a VLAN switch.

      2. Use a server to store backups but pull them instead of pushing them. The backup server needs access to everything it is going to back up but the stateful firewall in the router above blocks incoming connections so the backup server can see what it needs to on the LAN but the devices on the LAN cannot see it.
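
The two points in the comment above, written out as a router forwarding policy. This is an added example, not something posted in the thread: it assumes a Linux router running nftables with one VLAN per device, and the interface names, server address and pull port are placeholders. NAT and the router's own input rules are assumed to be configured elsewhere.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. All names and addresses below are
# assumptions; adjust them to the actual router.

define WAN_IF     = "eth0"
define BACKUP_IF  = "vlan10"                           # segment holding only the backup server
define CLIENT_IFS = { "vlan20", "vlan21", "vlan22" }   # one segment per PC or device
define BACKUP_SRV = 192.168.10.2
define PULL_PORTS = { 22 }    # pull over SSH (rsync/SFTP); an SMB pull would use 445

# Idempotent reload: make sure the table exists, delete it, define it again.
table inet lan_isolation
delete table inet lan_isolation

table inet lan_isolation {
    chain forward {
        # Default deny: nothing crosses between segments unless allowed below.
        type filter hook forward priority 0; policy drop;

        # Stateful part: replies to connections that were allowed out.
        ct state established,related accept
        ct state invalid drop

        # Every segment can reach the internet unimpeded.
        iifname $CLIENT_IFS oifname $WAN_IF accept
        iifname $BACKUP_IF oifname $WAN_IF accept

        # Pull model: only the backup server may open connections into the
        # client segments, and only to the pull port.
        iifname $BACKUP_IF ip saddr $BACKUP_SRV oifname $CLIENT_IFS tcp dport $PULL_PORTS ct state new accept

        # Everything else, including any client trying to reach the backup
        # server or another client, is logged (rate limited) and then
        # dropped by the chain policy.
        ct state new limit rate 10/minute log prefix "lan-isolation drop: "
    }
}
```

Blocked attempts appear in the router log with the `lan-isolation drop:` prefix, so a PC that suddenly starts probing other segments or the backup server is visible there.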

  9. Something something Danegeld something something by Anonymous Coward · · Score: 0

    If only I could remember how that goes...

  10. war by Anonymous Coward · · Score: 0

    Half of IT departments suffered ransomware infections and we're not sending nukes to blow up the offending countries? This shit is war man!

  11. they deserve it by Anonymous Coward · · Score: 0

    they all deserve to have their money and data lost since they were all too happy to fund the digital slave trade until they realized they were not a minor master but a slave as well. screw 'em.

  12. Bad news for ransomware operators by manu0601 · · Score: 1

    This is very bad news for ransomware operators. Once people know they may not get their data back for money, they will not pay.